Network Giants Address Security

Nortel, Cisco both roll out new products that extend security across a variety of networks.

Cisco Systems Inc. and Nortel Networks are both giving users more options for securing their networks.

Cisco this week announced an upgrade for its security management software, known as CiscoWorks VPN/Security Management Solution, or VMS, that allows enterprises to control multiple types of Cisco security gear and software from a single application. It also rolled out an upgrade to its ACS (Access Control Server) that supports the emerging PEAP (Protected Extensible Authentication Protocol) for securing wireless LAN access.

The centralized administration comes from a Management Center for PIX firewalls feature in VMS 2.1 and a Monitoring Center for Security. Version 2.1 also has intrusion detection sensors and supports VPNs (virtual private networks). All these tools offer a consistent interface, according to Cisco officials, in San Jose, Calif.

VMS 2.1's Auto Update Server lets administrators set and update security policies at local and remote firewalls.

"Auto Update Server is a key feature that removes the barrier to large-scale firewall deployments," said Cisco Product Manager Bob Yee. "Before Auto Update Server you used to push out policies to [remote and mobile computing devices]. You needed to know everyone's IP address. If you have a large number of devices and use dynamic IP addresses … how do you know what the IP address is to deploy a policy?

"[Auto Update Server] uses a pull model—the remote device pulls in the most recent security policy [when it connects to the network]," Yee said.

An important update in ACS 2.1 is support for PEAP, a protocol based on the IEEE's 802.1x architecture that enables authentication on a wireless network. PEAP supports one-time token authentication, as well as password change and expiration. It also supports LDAP and NDS directories.

Both Cisco upgrades are available now. Pricing for VMS 2.1 starts at $7,995 and ACS 3.1 is priced at $5,995.

Separately, Nortel introduced an appliance that officials say provides SSL encryption that is much faster than using a Web server to do the job. Nortel also began shipping an upgrade to its Contivity IP Services Gateway software that can secure a variety of IP services, including voice and wireless transmissions.

The new Alteon SSL 410 appliance manages remote users' SSL (Secure Sockets Layer) sessions and proxy applications. In this way, it provides secure access via SSL-compatible Web browsers to corporate applications like e-mail, portals and some legacy applications, as well as file transfer capabilities, officials said. This method of securing application access is less expensive than deploying and managing a VPN, Nortel officials said.

Nortel touted the Alteon SSL 410's scalability, saying it can support 16,000 simultaneous SSL sessions and initiate 2,000 sessions per second.

Release 4.7 of the Contivity Secure IP Services Gateway software provides routing with pre-existing VPN tunnels, firewall and bandwidth management capabilities.

The new products fit into what Nortel is calling its Unified Security Architecture, which looks to provide building blocks for enhancing security across telephony, voice over IP, and data networks. Nortel officials, in Santa Clara, Calif., said the architecture addressed such areas as authentication, encryption, packet inspection, security policy management and network configuration management.